Communication failure between mender-deployments & minio

Hi, I’m starting with Mender, trying to get the Mender server running locally as a production environment, and I’m getting an error in the menderproduction-mender-deployments-1 container. The logs look as follows:

time="2023-03-07T18:37:51Z" level=info msg="migration to version 1.2.11 skipped" db=deployment_service file=migrator_simple.go func="migrate.(*SimpleMigrator).Apply" line=125
time="2023-03-07T18:37:51Z" level=info msg="migration to version 1.2.13 skipped" db=deployment_service file=migrator_simple.go func="migrate.(*SimpleMigrator).Apply" line=125
time="2023-03-07T18:37:51Z" level=info msg="DB migrated to version 1.2.13" db=deployment_service file=migrator_simple.go func="migrate.(*SimpleMigrator).Apply" line=140
main: failed to setup storage client: s3: failed to check bucket preconditions: operation error S3: HeadBucket, exceeded maximum number of attempts, 3, https response error StatusCode: 0, RequestID: , HostID: , request send failed, Head "https://192.168.1.102/mender-artifact-storage": x509: certificate relies on legacy Common Name field, use SANs instead

I am wondering what I have wrong in the configuration; here’s my docker-compose prod.yml file:

# this is a template file for production setup, consult
# https://docs.docker.com/compose/compose-file/ for details on syntax and usage
#
# Notes:
# - integration/docker-compose.yml file is assumed to be included
# - integration/docker-compose.storage.minio.yml is assumed to be included
# - all services are part of `mender` network (service names are unchanged)
# - keys and certificates are generated using keygen utility from integration
#   repository, keys and certificates are stored in ./keys-generated directory
# - certificates and key are mounted into containers using volumes
# - minio artifacts are stored in a named volume `mender-artifacts`; volume
#   needs to be created manually using `docker volume create mender-artifacts`

# related compose bugs:
# - https://github.com/docker/compose/issues/3874
# - https://github.com/docker/compose/issues/3568
# - https://github.com/docker/compose/issues/3219

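version: '2.3'
services:

    mender-iot-manager:
        command: server --automigrate

    mender-workflows-server:
        command: server --automigrate

    mender-workflows-worker:
        command: worker --automigrate --excluded-workflows generate_artifact

    mender-create-artifact-worker:
        command: --automigrate

    mender-useradm:
        command: server --automigrate
        volumes:
            # service private key, mounted read-only from the keygen output
            - ./production/keys-generated/keys/useradm/private.key:/etc/useradm/rsa/private.pem:ro
        logging:
            options:
                max-file: "10"
                max-size: "50m"

    mender-device-auth:
        command: server --automigrate
        volumes:
            # service private key, mounted read-only from the keygen output
            - ./production/keys-generated/keys/deviceauth/private.key:/etc/deviceauth/rsa/private.pem:ro
        environment:
            # must match the container-side path of the volume mount above
            DEVICEAUTH_SERVER_PRIV_KEY_PATH: /etc/deviceauth/rsa/private.pem
        logging:
            options:
                max-file: "10"
                max-size: "50m"

    mender-inventory:
        command: server --automigrate
        logging:
            options:
                max-file: "10"
                max-size: "50m"

    mender-api-gateway:
        ports:
            # list of ports API gateway is made available on
            - "443:443"
        networks:
            mender:
                aliases:
                    # mender-api-gateway is a proxy to storage
                    # and has to use exactly the same name as devices
                    # and the deployments service will;
                    #
                    # if devices and deployments will access storage
                    # using https://s3.acme.org, then
                    # set this to s3.acme.org
                    #
                    # this name must also be the one the TLS certificate in
                    # ./production/keys-generated/cert/cert.crt is issued for
                    # (as a Subject Alternative Name, not only the CN); it is
                    # reused below in ALLOWED_HOSTS and DEPLOYMENTS_AWS_EXTERNAL_URI
                    - 192.168.1.102
        command:
            - --accesslog=true
            - --entrypoints.http.address=:80
            # plain HTTP only redirects to HTTPS; nothing is served on :80
            - --entrypoints.http.http.redirections.entryPoint.scheme=https
            - --entrypoints.http.http.redirections.entryPoint.to=https
            - --entrypoints.https.address=:443
            - --entryPoints.https.transport.respondingTimeouts.idleTimeout=7200
            - --entryPoints.https.transport.respondingTimeouts.readTimeout=7200
            - --entryPoints.https.transport.respondingTimeouts.writeTimeout=7200
            - --providers.file.directory=/etc/traefik/config
        volumes:
            # traefik static/dynamic config, all read-only
            - ./config/traefik/traefik.yaml:/etc/traefik/config/traefik.yaml:ro
            - ./config/traefik/traefik.middlewares.yaml:/etc/traefik/config/traefik.middlewares.yaml:ro
            - ./config/traefik/traefik.tls.yaml:/etc/traefik/config/traefik.tls.yaml:ro
            # server certificate and key presented on :443; the same cert.crt is
            # mounted into mender-deployments below as STORAGE_BACKEND_CERT
            - ./production/keys-generated/cert/cert.crt:/etc/traefik/certs/cert.crt:ro
            - ./production/keys-generated/cert/private.key:/etc/traefik/certs/private.key:ro
        logging:
            options:
                max-file: "10"
                max-size: "50m"
        environment:
            # ALLOWED_HOSTS is a comma-separated list of allowed hostnames;
            # keep it in sync with the network alias above
            ALLOWED_HOSTS: "192.168.1.102"

    mender-deployments:
        command: server --automigrate
        volumes:
            # the gateway's certificate, presumably used by the deployments
            # service to verify TLS to the storage proxy (see STORAGE_BACKEND_CERT);
            # it has to list the host from DEPLOYMENTS_AWS_EXTERNAL_URI as a
            # Subject Alternative Name -- a CN-only certificate is rejected with
            # "x509: certificate relies on legacy Common Name field, use SANs instead"
            - ./production/keys-generated/cert/cert.crt:/etc/ssl/certs/docker.mender.io.crt:ro
        environment:
            # must match the container-side path of the volume mount above
            STORAGE_BACKEND_CERT: /etc/ssl/certs/docker.mender.io.crt
            # access key, the same value as MINIO_ACCESS_KEY
            DEPLOYMENTS_AWS_AUTH_KEY: mender-deployments
            # secret, the same value as MINIO_SECRET_KEY
            # NOTE: static credentials in a compose file end up in VCS and in
            # `docker inspect` output; prefer an env file or compose variable
            # substitution so this file holds no secret material
            DEPLOYMENTS_AWS_AUTH_SECRET: Xeevafai1queej7U

            # deployments service uses signed URLs, hence it needs to access
            # storage-proxy using exactly the same name as devices will; if
            # devices will access storage using https://s3.acme.org, then
            # set this to https://s3.acme.org
            DEPLOYMENTS_AWS_EXTERNAL_URI: https://192.168.1.102
            #DEPLOYMENTS_AWS_URI: https://192.168.1.102
        logging:
            options:
                max-file: "10"
                max-size: "50m"

    minio:
        environment:
            # access key (same value as DEPLOYMENTS_AWS_AUTH_KEY above);
            # newer MinIO images may expect MINIO_ROOT_USER/MINIO_ROOT_PASSWORD
            # instead -- check the image version in the included storage file
            MINIO_ACCESS_KEY: mender-deployments
            # secret (same value as DEPLOYMENTS_AWS_AUTH_SECRET above); see the
            # note there about keeping secrets out of this file
            MINIO_SECRET_KEY: Xeevafai1queej7U
        volumes:
            # mounts a docker volume named `mender-artifacts` as /export directory
            - mender-artifacts:/export:rw

    mender-mongo:
        volumes:
            # persistent database files, backed by the external `mender-db` volume
            - mender-db:/data/db:rw

# named volumes; both are external and must exist before `docker compose up`
# (`docker volume create mender-artifacts` / `docker volume create mender-db`).
# Indentation normalised to the 4-space nesting used by the services above.
volumes:
    # mender artifacts storage
    mender-artifacts:
        external:
            # use external volume created manually
            name: mender-artifacts
    # mongo service database
    mender-db:
        external:
            # use external volume created manually
            name: mender-db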

Thanks.

Hi @gonzalo.bonigo
sorry for the late reply. Can you please inspect your certificate with this command?

openssl x509 -in keys-generated/cert/cert.crt -noout -text | grep -A1 'Subject Alternative Name'

Most likely you can’t see 192.168.1.102 listed. I’d suggest using a FQDN like mender.example.com and avoiding the use of an IP address: it’s easier to issue certificates for a FQDN.

Please refer to the Certificates and Keys doc.

Roberto